summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6895: Add "acl check permissions" to turn on/off the new behaviour ofJeremy Allison1-9/+10
checking for write access in a directory before delete. Also controls checking for write access before labeling a file read-only if DOS attributes are not being stored in EA's. Docuementation to follow. Jeremy. (This used to be commit dd1a5e6e499dd721c5bb8d56a61810a7454a3449)
2007-10-10r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-onlyJeremy Allison1-6/+21
excel files). Ensures that any missing user ACL entry will be generated from a union of all group permissions that contain the user. Awaiting feedback from the reporters. Jeremy. (This used to be commit 874353e617b314429359e8e9516898f670bbf539)
2007-10-10r6533: Fix for bad comment from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 60325ab1281ebbe70665b5f763065ca60ee9f682)
2007-10-10r6385: Convert checking of egid and secondary egid list intoJeremy Allison1-32/+17
iterator functions so it can be used easily in a for loop. Drops duplicated code from posix_acls.c Jeremy. (This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
2007-10-10r6378: Other systems may not return 1 for checking WRITE permission.Jeremy Allison1-0/+13
Canaonicalise any +ve return to 1. Jeremy. (This used to be commit e594222d0ba7713088420f6c6603a74c1d5def8e)
2007-10-10r6365: Wow, how much worse does this get. From info provided byJeremy Allison1-0/+26
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking against the current effective groupid (set by force group) as well as the group list. Fix this. Jeremy. (This used to be commit 0c4058c0732b1faa87ca64b8f95ad2fe3106a69f)
2007-10-10r6316: Remove over-cautious asserts. Damn wish I'd made the releaseJeremy Allison1-4/+9
with this.... Jeremy. (This used to be commit 11c464268df2a0a5155e93d4a7d053d2920fcff0)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-8/+3
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-20/+8
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6060: It's not quite accurate to say not having write access causes a groupJeremy Allison1-8/+9
entry never to match - it matches but if doesn't grant access is recorded so the "other" entry isn't subsequently checked. Fix the algorithm. Jeremy. (This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
2007-10-10r6057: Don't put the assert in the wrong place :-).Jeremy Allison1-4/+3
Jeremy. (This used to be commit 6609b209f513f0859040686a88ee6c7106c06008)
2007-10-10r6055: Fix algorithm. If any of the primary or supplementary group ids matchJeremy Allison1-2/+18
a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't terminate on the first match. Added debug to show where the match occured (or didn't). Jeremy. (This used to be commit 81fb3372867fa66a092841222e02bd1c104b2d19)
2007-10-10r6053: Fixup dfs path with the new wildcard parser code split out.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e831cef618d55c362e8d3a8a4c2b9f2ed7d4d7bd)
2007-10-10r6049: Ensure "dos filetime" checks file ACLs correctly. May fix Excel ↵Jeremy Allison1-32/+102
"read-only" issue. Jeremy. (This used to be commit 80e788143a6c3d973d3b8e57d91ca5c4a83605b2)
2007-10-10r6001: Oops. Checing the wrong tagtype - should have been SMB_ACL_GROUP, not ↵Jeremy Allison1-1/+1
SMB_ACL_MASK. Fix bug #2521. Jeremy. (This used to be commit 21e3cf2f8f6129324ebb799f959f8d2afe0285d2)
2007-10-10r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If ↵Jeremy Allison1-0/+16
this is set then only the owner or root can delete a file. We now use the same algorithm to check file delete. Jeremy. (This used to be commit eb18104d10428a5daef2316088edc3dbaff58708)
2007-10-10r5355: Fill in the access check code for POSIX ACLs to *really* fix bug #2227.Jeremy Allison1-2/+148
Jeremy. (This used to be commit ecc134a2e3546ed77ab6f1dafc0249c78897e1f3)
2007-10-10r5324: In order to process DELETE_ACCESS correctly and return access deniedJeremy Allison1-0/+11
to a WXPSP2 client we must do permission checking in userspace first (this is a race condition but what can you do...). Needed for bugid #2227. Jeremy. (This used to be commit da23577f162b6bdca7d631fca256a9b3b04043e4)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-13/+16
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r4016: Fix for bug found by Steve French client code (cifsfs) onJeremy Allison1-0/+9
POSIX ACL set. You need to *get* a permset_t pointer from the entry before any of the permset code will accept it as a valid value Jeremy. (This used to be commit 7e78059948612fa9f5d179a1e3f5f59e7ad5e456)
2007-10-10r4007: Fix bug #2088 - ensure inherit permissions is only applied on a new file,Jeremy Allison1-1/+1
not an existing one. Jeremy. (This used to be commit fbbdb72cf1adfe567112556626f26b031747f440)
2007-10-10r3951: Fix for bugid #2081 reported by John Janosik <jpjanosi@us.ibm.com> - ↵Jeremy Allison1-1/+3
ensure SE_DESC_DACL_PROTECTED is set if "map acl inherit = no". Jeremy. (This used to be commit 934c41b474c8959310389378bfa7d3332bd5ec79)
2007-10-10r3859: Ensure if num_acls is set to 0xFFFF this field is ignored.Jeremy Allison1-28/+28
Use def_acl everywhere instead of dir_acl. Jeremy. (This used to be commit d28611c960f87830aa8449725951984aa155b089)
2007-10-10r3816: Added fn to remove an ACL from a file. Now need client code to test this.Jeremy Allison1-2/+128
How do the share mask/modes fit into this code... Need to think about this. Jeremy. (This used to be commit 1aa1c2f489f5b92c3696e7b9123061d91babc34e)
2007-10-10r3794: Added set posix acl functionality into the UNIX extensions code.Jeremy Allison1-6/+235
One part missing - delete file acl (to be added asap). No client code yet, also needs testing with valgrind. Jeremy. (This used to be commit 6101ec2247c182fde6ea3e7e1f64a92b353ec4e8)
2007-10-10r3693: Correctly detect errno for no acl/ea support.Jeremy Allison1-14/+6
Jeremy (This used to be commit 089a76f611187e2ba4c3363b657905d04576109e)
2007-10-10r3496: Fix calling of get_acl_group_bits().Günther Deschner1-1/+1
Guenther (This used to be commit 3acc74eef5dae16d7e2792206640904265c42494)
2007-10-10r3296: Fix to ensure entries are stored in correct order. Bug #1498. Patch fromJeremy Allison1-2/+2
SATOH Fumiyasu <fumiya@samba.gr.jp>. Jeremy. (This used to be commit 7e35900bc6894d69f83c99ac6eb260d7cc35683a)
2007-10-10r3117: Fix from Tom Lackemann <cessnatomny@yahoo.com> for bug #1954.Jeremy Allison1-3/+6
Memory leak in posix acl code. Jeremy. (This used to be commit c97aab7ee6bf1f385b445b4b0eb0e1df7e9a56f5)
2007-10-10r1681: Ensure we return the same ACL revision on the wire that W2K3 does.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 31505acf033c7d76592bb5b4ef80b29a00658c49)
2007-10-10r1314: Restore the 2.2 'force unknown acl user' parameter. When getting a ↵Volker Lendecke1-19/+23
security descriptor for a file, if the owner sid is not known, the owner uid is set to the current uid. Same for group sid. This makes xcopy /o possible for files that are owned by local users/groups (local administrators for example). Thanks to Guenther for his persistence :-) Volker (This used to be commit 80e57d27909a9a1edad962e3f43c2178d2da2a92)
2007-10-10r786: Memory leak fixes in (mostly) error code paths fromJeremy Allison1-1/+3
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
2007-10-10r428: add acls debug classHerb Lewis1-0/+3
(This used to be commit b7703799f8899affda205eacb0bf79cf8e2b9362)
2007-10-10r50: Fix bug 1139 as per fix suggested by jdev@panix.com,Jeremy Allison1-3/+3
swap lookups for user and group - group will do an algorithmic lookup if it fails, user won't. Jeremy. (This used to be commit a205c56a75c93c82796fd68687e8c0db26459073)
2004-04-02Added per-share parameter "store dos attributes". When set, will storeJeremy Allison1-1/+1
dos attributes in an EA. Based on an original patch from tridge, but modified somewhat to cover all cases. Jeremy. (This used to be commit ed653cd468213e0be901bc654aa3748ce5837947)
2004-03-31Added support for OS/2 EA's in smbd server. Test with smbtorture eatest.Jeremy Allison1-2/+0
New protocol option "ea support" to turn them on (off by default). Conrad at Apple may like this as it allows MacOS resource forks to be stored on a file. Passes valgrind. Documentation to follow. Jeremy. (This used to be commit 8cc10a6c0550c017a62e8a3790afd2172d173e00)
2003-11-25Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bitsJeremy Allison1-0/+42
if the file has an ACL. Jeremy. (This used to be commit 7bf5ed30ce74ba658ca35059955748c1d8cbd6d2)
2003-11-03Fix more 64-bit printf warnings.Tim Potter1-1/+1
(This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36)
2003-07-01Fixed the latest complaint from jcmd :-). We were storing -1 for theJeremy Allison1-6/+10
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute. Creator Owner and Creator group now show up as inherited correctly (I think :-). Jim please test. Jeremy. (This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
2003-06-30Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we wereJeremy Allison1-20/+10
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct algorithm. Jeremy. (This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
2003-06-23Fixed the merge_default_aces() code to work correctly with inheritance.Jeremy Allison1-11/+38
Hopefully will fix jcmd bugs :-). Jeremy. (This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-20Fixed sorting algorithm to prevent problems with W2K clients.Jeremy Allison1-2/+2
Jeremy. (This used to be commit fa8ca20ed440673d02ac5669f8d4c6623c1fdb6d)
2003-06-20Mapping of Windows ACL inheritance and protected bits onto extended attributesJeremy Allison1-16/+461
if available. Adds new parameter "map acl inheritance" (docs coming soon) off by default. Allows W2K acl inheritance dialogs to work correctly on POSIX acls. Jeremy. (This used to be commit a83595e80ae539135fa1a65d6066b10ac94fbad1)
2003-05-30Ensure 'blank' entries show up in both default and normal entries toJeremy Allison1-13/+7
allow them to be changed. Works well with W2K and above. Jeremy. (This used to be commit 685e4e518236079f201650f26152f6f9ad3c61ab)
2003-05-29Change get_nt_acl() to include security_info wanted. Only return this.Jeremy Allison1-138/+145
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly broken make_sec_desc() that screwed up the size when given a SD with no owner or group (how did it get this bad... ?). Jeremy. (This used to be commit 183c9ed4052ab14e269ed1234ca557053f77e77a)
2003-05-28Fix bug brought up by Ken Cross that empty ACE's cause existing ACE's toJeremy Allison1-107/+14
be applied to new ACE set calls. This is incorrect. Don't think this has a bugzilla id. Jeremy. (This used to be commit cb70d8c9e87801c314d1b926d4e43ee451c04135)
2003-05-27Fix shadow parameter warning in free_empty_sys_acl()Tim Potter1-5/+5
(This used to be commit 1b2b7766c8fa89f46f4d1c881ee91c4b0b15773a)
2003-05-17Cope with cumulative permissions sets. This code is #ifdef'ed out at theJeremy Allison1-1/+49
moment as I don't think cumulative permission sets make sense in POSIX even though that's the way Windows works.... Jeremy. (This used to be commit 6ddd5b6ca7dde45ce866f852861e143434c84c7e)
2003-05-14Prefix VFS API macros with SMB_ for consistency and to avoid problems with ↵Alexander Bokovoy1-67/+67
VFS_ macros at system side. We currently have one clash with AIX and its VFS_LOCK. Compiled and tested -- no new functionality or code, just plain rename of macros for yet-unreleased VFS API version. Needs to be done before a24 is out (This used to be commit c2689ed118b490e49497a76ed6a2251262018769)